[arch-general] [aur-general]pipe log msg on conky window
Dear all, as I was configuring a conky window on my desktop, I decided to add some precisions and tips for configuring the *.conkyrc* file in the Arch WIKI. Reading any /var/log file needs to be root, thus making difficult to run any home config file with read access to log files. My turnaround is to *$chown root:log /var/log* then *$usermod -aG log username*. Security wise, I do not know if this can bring serious potential breach in the system. If yes, please tell me as I will NOT let this turnaround in the WIKI. What would be a safer solution to read the log files in my conky window? Regards. **
On 06/21/2012 09:53 PM, Arno Gaboury wrote:
Dear all,
as I was configuring a conky window on my desktop, I decided to add some precisions and tips for configuring the *.conkyrc* file in the Arch WIKI.
Reading any /var/log file needs to be root, thus making difficult to run any home config file with read access to log files. My turnaround is to *$chown root:log /var/log* then *$usermod -aG log username*. Security wise, I do not know if this can bring serious potential breach in the system. If yes, please tell me as I will NOT let this turnaround in the WIKI. What would be a safer solution to read the log files in my conky window?
Regards.
Sorry, this mail was itended to [arch-general].
On Thu, Jun 21, 2012 at 8:53 PM, Arno Gaboury <arnaud.gaboury@gmail.com> wrote:
Dear all,
as I was configuring a conky window on my desktop, I decided to add some precisions and tips for configuring the *.conkyrc* file in the Arch WIKI.
Reading any /var/log file needs to be root, thus making difficult to run any home config file with read access to log files. My turnaround is to *$chown root:log /var/log* then *$usermod -aG log username*. Security wise, I do not know if this can bring serious potential breach in the system. If yes, please tell me as I will NOT let this turnaround in the WIKI. What would be a safer solution to read the log files in my conky window?
How about using sudo without password required? It is possible to configure it to allow specific commands - maybe the user can have sudo access to read the relevant log files? -- mike c
2012/6/21 Arno Gaboury <arnaud.gaboury@gmail.com>:
Dear all,
as I was configuring a conky window on my desktop, I decided to add some precisions and tips for configuring the *.conkyrc* file in the Arch WIKI.
Reading any /var/log file needs to be root, thus making difficult to run any home config file with read access to log files. My turnaround is to *$chown root:log /var/log* then *$usermod -aG log username*. Security wise, I do not know if this can bring serious potential breach in the system. If yes, please tell me as I will NOT let this turnaround in the WIKI. What would be a safer solution to read the log files in my conky window?
Regards.
**
Hello, The default syslog-ng configuration is set up so that users in the group 'log' can read the files: # /etc/syslog-ng/syslog-ng.conf options { ... perm(0640); group("log"); }; If you're using something else, then you could try to configure it to do the same. I think that security-wise using a group for this is the perfect approach because you can control who exactly can access the logs. Csaba
participants (3)
-
Arno Gaboury
-
Kazó Csaba
-
mike cloaked